viraptor

Asked: 2015-12-27 19:08:38 +0800 CST2015-12-27 19:08:38 +0800 CST 2015-12-27 19:08:38 +0800 CST

Redirect to local network without allow_localnet

I'd like to redirect incoming external traffic to a service which listens on 127.0.0.1. The redirection is easy - just:

iptables -t nat -A PREROUTING \
    -d local_ip --dport 80 \
    -j DNAT --to-destination 127.0.0.1:port

but this leaves the packet on eth0 and it's just logged as martian and dropped by default. I can enable route_localnet on eth0 to fix this, but that exposes the whole interface to weird routing tricks.

How do I forward it correctly without route_localnet?

1 Answers

Voted

Michael Hampton
2015-12-28T01:29:23+08:002015-12-28T01:29:23+08:00
The correct way to handle this is to have the application listen on the correct interface and/or IP address, not 127.0.0.1, and use iptables only to allow traffic, not to play weird NAT tricks.
1

Redirect to local network without allow_localnet

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?